'Re: [qubes-devel] Qubes Security Bulletin #22 (Critical bug)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Qubes Security Bulletin #22 (Critical bug)
From:       Axon <axon () openmailbox ! org>
Date:       2015-10-30 7:45:28
Message-ID: 56332018.9020701 () openmailbox ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

sowowsuchmailvery@onenetbeyond.org:
> On 10/30/2015 12:13 AM, Axon wrote:
> > Marek Marczykowski-Górecki: On Thu, Oct 29, 2015 at 03:46:13PM
> > +0100, sowowsuchmailvery@onenetbeyond.org wrote:
> > 
> > Hello,
> > 
> > In my understanding, not even a grsec/pax kernel would have 
> > stopped this. For example Alpine Linux as dom0. Is it correct? 
> > Yes, any protection applied by dom0 is useless here, as the 
> > vulnerability allows direct escalation from any PV VM to
> > complete system control.
> > > > > 
> > This is the sort of insane bug that haunts Qubes users'
> > nightmares (or at least mine). The fact that it's been there for
> > seven years is almost enough to make one want to throw up one's
> > hands and reconsider this whole "using computers" thing.
> > 
> > On a more sober note, I was surprised by this comment in the
> > QSB:
> > 
> > This bug might also be considered an argument for the view of 
> > ditching of para-virtualized (PV) VMs, and switch to HVMs, Seems
> > like many (most?) of the serious Xen bugs *before this one* 
> > affected only HVMs. Out of the frying pan and into the fire?
> > 
> > or better yet: PVH VMs for better isolation. Sounds like the best
> > (=least bad) option.
> 
> Attackers will always get what they want as long as it's not too 
> expensive compared to the results.
> 
> I see a point in setting up protection on all levels (not just by 
> isolation) and to make an attack harder, more resourceful and more 
> detectable.
> 
> Even in VMs we may have important files and don't want to give them
> to someone else for cheap tricks, right?
> 
> Would Qubes OS consider this kind of approach and for example add
> some hardening to the default VM templates? Or stick to the message
> of "the sudoers file"? ;)
> 

Someone asked Joanna essentially the same question on Twitter today.
Her response:

"We hope to work with @subgraph on meaningful root protection in VMs,
rather than BS users with sudo-theater."

Source: https://twitter.com/rootkovska/status/659791932617551872
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWMx/+AAoJEJh4Btx1RPV8+VYQAJQCXDU+szJaAA4bEAN1NxRb
tusEm8ykxOyDvpSCeHY5sxaSueVU8T46i13y5C7tTRBKjvmhSBhJJ6f2USv7SKL6
DU02uDcPBEQjvUwtyOhdxvLy6W+30/iRGl41/Sbg8Y2ZxiNaWKkbJXeC5giGihZI
wOfuzB/niv9yWZUDwR7I81SbbpWJ/PHbjLcB55izBJYy21tTfp1Urxhd8Pkr2Nps
W9BPMVLA2tcM2bgGvldCkxEOSjYaGcK86Iqt9yqG2HQwjbfeLv4JWdNXNnfpHUYH
FmTHYz5JTMH8hmxla3BNjUNLTtuu7YnAQjslUAvmIRDzweyqqa3OUL91YuEUdq84
lphI8+YPMfVFBQPcgXpEqWA/2DfEShqBO8wnx46v5LaZPktNLcHh8ORdV+PRFRux
+K3vcLorb/9V9qVpbtBqyDU5CsGhzApg2ogfFzQAtMzO3Bjc8c4XAqQ89Axkg2PW
7NasFoXg/e3v6B6BK8AqGHKQkryeRCjL4bxbanim/lgqFeW/LTAPC4To9NvEJMOt
Ro7LWhGR9UKpdl2WtmSmBA9DnrPLGBmn6LEa4nCuqqp+czhNEm++vLwb7QlO2E8P
AJLcbWoV/dF2ED98Vom6R+12n8qdHts3Tqy0kkTXJA1HFwf3lLQfiuFLcc0RMdMH
8jIbKumEFK+A5NPu+RI0
=T6ZW
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/56332018.9020701%40openmailbox.org. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic